Marcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627, was incomplete. Red Hat issued kdegraphics packages with this incomplete fix in RHSA-2005:868. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0746 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.